Host Your Alexa Skill Service on AMPLIFY using API Builder, Part 2

In my Part 1 post, I described how easy it is to host an Alexa Skill Service on AMPLIFY using API Builder. I used a Custom API to handle the POST API request from the Alexa Skill Interface, and then created a JSON reply that contained the text that the Amazon Echo spoke back to me.

In this post, we continue working on our Custom API and add the following items:

Verify the API request from the Alexa Skill Interface as required for getting certification from Amazon

Implement a few more Skill capabilities to make our skill more useful

Use ArrowDB to store data that will persist between sessions

Verify the API Request

According to Amazon, we need to verify the request made to our Skill Service to ensure that it is coming from Amazon. The steps to do this are:

Check the SignatureCertChainUrl header for validity.

Retrieve the certificate file from the SignatureCertChainUrl header URL.

Check the certificate file for validity (PEM-encoded X.509).

Extract the public key from certificate file.

Decode the encrypted Signature header (it’s base64 encoded).

Use the public key to decrypt the signature and retrieve a hash.

Compare the hash in the signature to a SHA-1 hash of entire raw request body.

Check the timestamp of request and reject it if older than 150 seconds.

In the action property, I extract the value of two headers: signaturecertchainurl and signature. If they are both present and populated, then I pass them to the verifier method which performs the 8 steps outlined above. If the verification passes, then I call a function called alexaskill which I’ll cover shortly. Otherwise, I send an error reply to the Alexa Skill Interface and the Echo will say something like “There was a problem with the skill”.

Enhancing the Skill Implementation

If the request is verified, then the alexaskill function is called. This function implements the skill logic. The skill code below handles the following requests as required and documented by Amazon:

The function above basically handles the 3 request types: LaunchRequest, IntentRequest and SessionEndedRequest. If the request is an IntentRequest, it then checks to see which Intent it is: HelloArrowIntent or the built-in AMAZON.HelpIntent.

LaunchRequest

The LaunchRequest will be sent when the user says: “Alexa, open Hello Arrow”. This is your opportunity to tell the user a bit about how to use the skill. Specifically, I tell Alexa to respond with:

“Welcome to Hello Arrow. Ask Hello Arrow to say hi”.

HelloArrowIntent

The intent request, HelloArrowIntent, will be sent when the user says: “Alexa, ask Hello Arrow to say hi” or any of the utterances defined in the Skill Interface Interaction model. I tell Alexa to respond with:

“Hello Arrow”

AMAZON.HelpIntent

The intent request, AMAZON.HelpIntent, will be sent when the user says: “Alexa, ask Hello Arrow for help”. This is your opportunity to provide help. You can see in the code above that I call the getHelpCount function.

More on this shortly as it also brings us to the 3rd main topic of this blog post: data persistence.

SessionEndedRequest

The request SessionEndedRequest will be sent when the user says: “exit”. This is your opportunity to do any cleanup you may need to do. You cannot send back a response to a SessionEndedRequest.

ArrowDB and Data Persistence

Consider a skill that lets a user create and manage a to do list. Or consider a skill that has a long back and forth interaction with the user, such as a recipe skill where the skill can time out and end the session (and have to start over) if the user does not interact within 16 seconds. For these examples and many more, it is important to be able to save data in between sessions.

Amazon promotes the use of DynamoDB for this, but since we are running on AMPLIFY, we have access to ArrowDB. With ArrowDB, we can define a model that will store a userId (passed in with each request) and any data for the user that we would like to persist.

Recall what an Alexa typical request body looks like below. Note that you can access the userId from the session.user object.

As you can see in this post and the prior post, AMPLIFY’s API Builder provides the means for easily hosting Alexa Skill Services. Furthermore, ArrowDB makes it very simple and straightforward to store persistent data that can be used between sessions.

Follow Us

What can we help you with today?

Let us know how we can help you today! We're ready to get down to business. To contact our sales click here or fill out the form below: Need support? Log in to our support portal for assistance.

Axway respects your privacy. Your personal data will not be shared with or sold to a third party (unless to Axway legal entities where you can find the list at "Contact us"). Please note that you can withdraw your consent at any time by clicking here.